PRINTER RUSH (PTO ASSISTANCE)




NOTE: This form will be included as part of the official USPTO record, with the Response 
document coded as XRUSH. 

REV 10/04 



identifier 531 of the current key class is located (within field 522). If the symmetric key value 523 
is null, then this key class has not yet been processed, and Block 770 has a positive result. Many 
alternative techniques may also be used, such as maintaining a lookup table of the key class 
identifiers for those key classes which have already been encountered. 

Blocks 775, 780, and 785 perform setup operations for each new key class being
processed. Block 775 initializes the encryption process for this key class. This initialization
begins by resolving the required encryption strength 521 from the respective preprocessing key
class object 520 into a specific algorithm and key length (if this information was not directly
specified in the policy object). Preferably this resolution is done by consulting an LDAP directory
as taught by previously-referenced U.S. Patent ______ (serial number 09/240,387), but the
exact means of determining an algorithm and key length to provide a particular encryption
strength is immaterial to this invention. The resolved algorithm and key length are stored in the
key class object at 532 and 533, respectively. Next, a random symmetric key of the determined
length is generated and inserted as the value of field 523 of preprocessing key class object 520.
(Note that the post processing phase of the present invention does not expose this random
symmetric key in clear text to other processes.) Furthermore, this random symmetric key 523 is
then used to initialize (see Block 790) the first iteration of the cipher block chain for this key
class, using techniques which are well known in the art. This process may also involve inserting a
string of random bits, called an initialization vector, before the first bit of the data to be
enciphered.
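
The per-key-class setup described above (Block 770's null-key check, strength resolution, key generation and chain initialization), as an added Python example that is not code from the patent application. The strength table stands in for the LDAP directory lookup, and the class, function, strength and algorithm names are assumptions chosen for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

# Assumed stand-in for the directory lookup: strength -> (algorithm, key bits).
STRENGTH_TABLE = {"low": ("3DES-CBC", 192), "high": ("AES-CBC", 256)}
BLOCK_BYTES = {"3DES-CBC": 8, "AES-CBC": 16}  # cipher block sizes

@dataclass
class KeyClass:                      # plays the role of key class object 520
    identifier: str                  # identifier 531
    strength: str                    # required encryption strength 521
    algorithm: Optional[str] = None  # 532, may be preset by the policy object
    key_bits: Optional[int] = None   # 533, may be preset by the policy object
    key: Optional[bytes] = None      # 523; None means "not yet processed"
    iv: Optional[bytes] = None       # initialization vector for the CBC chain

def setup_key_class(kc: KeyClass) -> bool:
    """Run the one-time setup; return True only on first encounter."""
    if kc.key is not None:           # Block 770: key already set, skip setup
        return False
    if kc.algorithm is None or kc.key_bits is None:
        kc.algorithm, kc.key_bits = STRENGTH_TABLE[kc.strength]
    # Random symmetric key of the resolved length, from the OS CSPRNG.
    kc.key = secrets.token_bytes(kc.key_bits // 8)
    # Fresh random IV, one cipher block long, to start the chain (Block 790).
    kc.iv = secrets.token_bytes(BLOCK_BYTES[kc.algorithm])
    return True

def process(elements, classes):
    """elements: (element name, key class id) pairs in document order.
    Returns the key class ids in the order they were first set up."""
    first_seen = []
    for _name, class_id in elements:
        if setup_key_class(classes[class_id]):
            first_seen.append(class_id)
    return first_seen

if __name__ == "__main__":
    # Constructed sample input, not taken from the application.
    classes = {"hr": KeyClass("hr", "high"), "pub": KeyClass("pub", "low")}
    doc = [("salary", "hr"), ("name", "pub"), ("ssn", "hr")]
    print(process(doc, classes))
    for kc in classes.values():
        print(kc.identifier, kc.algorithm, kc.key_bits, len(kc.iv))
```

The key is held in ordinary process memory here only to keep the example self-contained; the specification's note about not exposing the key in clear text to other processes is outside what this block models.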

Amendments to the Specification
Please replace the paragraph on Page 1, lines 4 - 9 with the following marked-up replacement
paragraph:



- This application is related to the applications having serial numbers ()9f4Z2A97' entitled
"Selective Data Encryption Using Style Sheet Processing for Decryption by a Client Proxy",
09/422,537 entitled "Selective Data Encryption Using Style Sheet Processing for Decryption by a
Group Clerk", and 09/422,431 entitled "Selective Data Encryption Using Style Sheet Processing for
Decryption by a Key Recovery Agent", all assigned to the same assignee and filed concurrently
herewith on October 21, 1999. -



Please replace the paragraph that begins on Page 9, line 15 and carries over to Page 10, line 7
with the following marked-up replacement paragraph:






- Commonly-assigned U. S. Patent (serial number 09/240,387, filed
01/29/1999), titled "Method, System, and Apparatus for Selecting Encryption Levels Based on
Policy Profiling" suggests tagging data elements in Extensible Markup Language ("XML")
documents with field-level or record-level security information. ("XML" is a trademark of
Massachusetts Institute of Technology.) By inspecting this security-level information and
consulting directory entries concerning an individual's access privileges, a server responding to a
document request suppresses any document elements for which the requester is unauthorized,
determines the encryption algorithm and key length required by the most restrictive remaining
element (i.e. the remaining element having the highest-level security requirements), and encrypts